We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
A Risk-Based Allocation of Internal Audit Time: A Case Study.
- Authors
Miltz, David; Calomme, Guy J.; Willekens, Marleen
- Abstract
This article presents a case study on the Janssen Pharmaceutica group of companies to provide a link between an internal audit planning model and its actual application. The theoretical risk-based planning model developed by Patton et al. (1983) addresses the important question of allocating available internal auditing time on the most cost-beneficial basis. The model minimizes overall audit risk when a fixed amount of discretionary audit time is available. This case study provides a practical approach to developing a risk index for each organizational unit that might be audited. Using these risk indices, the study develops a functional technique to assign a level of audit intensity to each unit in order to achieve the cost-benefit criterion. The risk index requires determination of three variables. First, a set of risk factors judged common to all units is needed. The consensus of five of Janssen's internal auditors yielded internal control status, amount of change, nature of activities, size, internal and external pressure on unit management, and environment (political, legal, …) . Second, the relative importance of each factor to the others is required. The five auditors individually performed a pairwise comparison of each factor (Saaty 1977). These comparisons were checked for consistency and combined into a consensus solution. The rank of importance from high to low is the order shown above. To quantify the last component needed for computation of the risk index, the internal audit director rated the six risk factors for each unit on a five-point scale. The three elements were then combined to arrive at a risk Index for each unit. The next step called for determining the relationship of risk reduction to time spent for each unit. To achieve this: (1) three possible levels of audit work (e.g., limited review) were defined for each unit; (2) the time associated with the three levels for each unit was estimated by the internal audit management of the company; and (3) the amount of risk reduction provided by the completion of each audit level by unit was subjectively estimated. Data inspection led to the use of the marginal analysis procedure to combine the risk indices and the possible levels of audit so that the overall risk was as low as possible using the available discretionary audit staff.
- Subjects
INTERNAL auditing; JANSSEN Pharmaceutica NV; PHARMACEUTICAL industry; CASE studies; AUDITING; AUDIT departments; INTERNAL auditors; AUDITORS; ACCOUNTING
- Publication
Auditing: A Journal of Practice & Theory, 1991, Vol 10, Issue 2, p49
- ISSN
0278-0380
- Publication type
Article